Many devices communicate with other devices through various wireless protocols (e.g., using a Bluetooth protocol). While wireless protocols offer convenience, data that is communicated through such wireless protocols are particularly susceptible to capture of the transmitted data. The transmitted data is often encrypted, but the encryption becomes vulnerable if one of the keys used to encrypt/decrypt the data is compromised. For example, a key can be compromised after a physical attack that retrieves the key directly from the flash memory of one of the devices. If an attacker can retrieve the key, any previously recorded communications can be decrypted.
In order to provide security for the previously recorded communications (i.e., backward security) even when a key is compromised, some methods use various operations (e.g., Diffie-Hellman, etc.) to generate unique ephemeral session keys for each communication session between a pair of devices. Ephemeral keys are removed after each session so even if an attacker gets access to a particular key, encrypted data from previous sessions is still secured, providing backward security. However, generating such unique ephemeral keys for each session requires significant power and hardware, and building devices with such capabilities increases costs and affects the battery life of the devices. It is desirable to provide backward security for low-power or low-capability devices.